Formal Methods Demonstration Project for Space Applications

Ben L. DiVito
ViGYAN, Inc.


The Space Shuttle program is cooperating in a pilot project to apply formal methods to live requirements analysis activities. As one of the larger ongoing Shuttle Change Requests (CRs), the Global Positioning System (GPS) CR involves a significant upgrade to the Shuttle’s navigation capability. Shuttles are to be outfitted with GPS receivers and the primary avionics software will be enhanced to accept GPS-provided positions and integrate them into navigation calculations. Prior to implementing the CR, requirements analysts at Loral Space Information Systems, the Shuttle software contractor, must scrutinize the CR to identify and resolve any requirements issues.

We describe an ongoing task of the Formal Methods Demonstration Project for Space Applications whose goal is to find an effective way to use formal methods in the GPS CR requirements analysis phase. This phase is currently under way and a small team from NASA Langley, ViGYAN Inc. and Loral is now engaged in this task. Background on the GPS CR is provided and an overview of the hardware/software architecture is presented. We outline the approach being taken to formalize the requirements, only a subset of which is being attempted. The approach features the use of the PVS specification language to model “principal functions,” which are major units of Shuttle software. Conventional state machine techniques form the basis of our approach.

Given this background, we present interim results based on a snapshot of work in progress. Samples of requirements specifications rendered in PVS are offered for illustration. We walk through a specification sketch for the principal function known as GPS Receiver State Processing. Results to date are summarized and feedback from Loral requirements analysts is highlighted. Preliminary data is shown comparing issues detected by the formal methods team versus those detected using existing requirements analysis methods. We conclude by discussing our plan to complete the remaining activities of this task.
[Presentation slide titles, only the headings of which survive: PVS Modeling of Principal Functions (Cont'd); Requirements for Receiver State Processing; Sample Subfunction of Receiver State Processing; Principal Function Interface Types]
Session 5: Software Systems (2)

C. Michael Holloway, Chair

• Ada 9X Language Precision Team, by David Guaspari, Odyssey Research Associates

• Introduction to Penelope and Its Applications, by David Guaspari, Odyssey Research Associates